Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
Vulnerability Description
MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless StreamableHTTPServerTransport deployments. This issue has been patched in version 1.26.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
使用共享资源的并发执行不恰当同步问题(竞争条件)
Vulnerability Title
MCP TypeScript SDK 竞争条件问题漏洞
Vulnerability Description
MCP TypeScript SDK是Model Context Protocol开源的一个用于模型上下文协议服务器和客户端的开发者工具包。 MCP TypeScript SDK 1.10.0版本至1.25.3版本存在竞争条件问题漏洞,该漏洞源于跨客户端响应数据泄露。
CVSS Information
N/A
Vulnerability Type
N/A